Abstract

This document specifies authorization extensions to the Transport
Layer Security (TLS) Handshake Protocol. Extensions are carried in the
client and server hello messages to confirm that both parties support
the desired authorization data types. Then, if supported by both the
client and the server, authorization information, such as attribute
certificates (ACs) or Security Assertion Markup Language (SAML)
assertions, is exchanged in the supplemental data handshake message.
This document defines an Experimental Protocol for the Internet
community.